Well valve hasnt missed anything, the exploit just does a rcon_challenge and sends the format string attack. Valve has patched it right, since it exploits the logging function in half life.
if a valve coder is interested in the source he can just drop me an email and i see what i can do... -- - Met vriendelijke groet, Erik van den Berg Server Administrator/Unix Security Consultant Technische Dienst XL-Hosting http://www.xl-hosting.com [EMAIL PROTECTED] ----- Original Message ----- From: "Jeremy Brooking" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 11:24 PM Subject: Re: [hlds_linux] the %n bug > > Releasing the code does 2 things. > > Allows valve to go over it and see if theres anything they have missed. > > Makes people wake up to the fact they need keep there servers up to > date. > > If you cannot keep your server up to date, I have no sympathy for you. > The number of times I have had to deal with a DoS/DDoS/DRDoS from > comprimissed boxes in the last 10 years, I cannot count. The reason for > the dos was NOT the fact source was released, its because people lack > the understand of what implications of having your 1 little box on the > net. > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
